Update Composite ML-DSA OIDs to Draft 8 specification

[Copilot]

Updates the hardcoded Composite ML-DSA algorithm OIDs in ASP.NET Core to match Draft 8 of the IETF Composite ML-DSA specification.

Background

Draft 8 of the IETF Composite ML-DSA specification was recently released with updated algorithm OIDs. The .NET runtime has already been updated in dotnet/runtime#120077 to support these new OIDs, and ASP.NET Core needs to be synchronized.

Changes

Updated all 18 Composite ML-DSA algorithm OIDs in CertificateConfigLoader.cs:

• Old pattern: 2.16.840.1.114027.80.9.1.{0-17}
• New pattern: 2.16.840.1.114027.80.9.1.{20-37}

Each OID identifier was incremented by 20 to match the Draft 8 specification. For example:

• MLDsa44WithRSA2048PssPreHashSha256Oid: 2.16.840.1.114027.80.9.1.0 → 2.16.840.1.114027.80.9.1.20
• MLDsa87WithECDsaP521PreHashSha512Oid: 2.16.840.1.114027.80.9.1.17 → 2.16.840.1.114027.80.9.1.37

Notes

• These changes ensure ASP.NET Core certificate loading remains compatible with the latest Composite ML-DSA implementations
• The OIDs are still interim - IANA will assign final OIDs when the specification is standardized
• No functional changes to certificate loading logic, only OID constant updates
• Changes are synchronized with the .NET runtime implementation

Fixes #60423

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Composite ML-DSA OIDs have been updated</issue_title>
<issue_description>Draft 8 of the Composite ML-DSA spec has updated the composite algorithm OIDs. The new OIDs are here.

The runtime PR with these changes is here: dotnet/runtime#120077

ASP.NET Core would need to update the hardcoded OIDs here:

aspnetcore/src/Servers/Kestrel/Core/src/Internal/Certificates/CertificateConfigLoader.cs

Lines 117 to 134 in 6c99dee

	const string MLDsa44WithRSA2048PssPreHashSha256Oid = "2.16.840.1.114027.80.9.1.0";
	const string MLDsa44WithRSA2048Pkcs15PreHashSha256Oid = "2.16.840.1.114027.80.9.1.1";
	const string MLDsa44WithEd25519PreHashSha512Oid = "2.16.840.1.114027.80.9.1.2";
	const string MLDsa44WithECDsaP256PreHashSha256Oid = "2.16.840.1.114027.80.9.1.3";
	const string MLDsa65WithRSA3072PssPreHashSha512Oid = "2.16.840.1.114027.80.9.1.4";
	const string MLDsa65WithRSA3072Pkcs15PreHashSha512Oid = "2.16.840.1.114027.80.9.1.5";
	const string MLDsa65WithRSA4096PssPreHashSha512Oid = "2.16.840.1.114027.80.9.1.6";
	const string MLDsa65WithRSA4096Pkcs15PreHashSha512Oid = "2.16.840.1.114027.80.9.1.7";
	const string MLDsa65WithECDsaP256PreHashSha512Oid = "2.16.840.1.114027.80.9.1.8";
	const string MLDsa65WithECDsaP384PreHashSha512Oid = "2.16.840.1.114027.80.9.1.9";
	const string MLDsa65WithECDsaBrainpoolP256r1PreHashSha512Oid = "2.16.840.1.114027.80.9.1.10";
	const string MLDsa65WithEd25519PreHashSha512Oid = "2.16.840.1.114027.80.9.1.11";
	const string MLDsa87WithECDsaP384PreHashSha512Oid = "2.16.840.1.114027.80.9.1.12";
	const string MLDsa87WithECDsaBrainpoolP384r1PreHashSha512Oid = "2.16.840.1.114027.80.9.1.13";
	const string MLDsa87WithEd448PreHashShake256_512Oid = "2.16.840.1.114027.80.9.1.14";
	const string MLDsa87WithRSA3072PssPreHashSha512Oid = "2.16.840.1.114027.80.9.1.15";
	const string MLDsa87WithRSA4096PssPreHashSha512Oid = "2.16.840.1.114027.80.9.1.16";
	const string MLDsa87WithECDsaP521PreHashSha512Oid = "2.16.840.1.114027.80.9.1.17";

Note that these are not the final OIDs either. IANA will be assigning those at some point in the future.

/cc @MackinnonBuck @BrennanConroy </issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #63804

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.